[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: override write protection?
On Sat, Aug 12, 2000 at 11:12:37AM -0500, Charles Menzes wrote:
> okay, here is my issue, i have some users on a machine that will need only
> specific privs. i have them set up as:
>
> shell /bin/rbash
> dir /home/guests/~user
>
> path /usr/local/guests/bin
>
> i would like to make sure that they are unable to edit their .bash_profile
> so that they can alter their path.
>
> dir perms 700 owned by user
> .bash_properms 640 owned by root group is user's group
>
> in order for them to not write to their profile, do i need a
>
> 2700 on their directory
> or
> 4700 on their dir?
Neither.
Assuming user "foo"...
shell: /bin/rbash
homedir: /home/guests/foo
writable dir: /home/guests/foo/data
Ownership of ~foo: user root (or whatever), group foo.
Permissions of ~foo: 0750.
Ownership of ~foo/data: user foo, group foo.
Permissions of ~foo/data: 6770 or 6700.
Ownership of ~foo/.bash_profile: user root, group foo.
Permissions of ~foo/.bash_profile: 0640.
(Also protect .profile, .cshrc, .bashrc, etc. the same way as
.bash_profile.)
You realize, of course, that securing shell access to the box is
almost futile. But, this is better.
-
To unsubscribe, send email to majordomo@luci.org with
"unsubscribe luci-discuss" in the body.